CVE-2014-1950

Name of the Vulnerable Software and Affected Versions Xen versions 4.1.x through 4.3.x

Description The issue is related to a use-after-free vulnerability in the xc cpupool getinfo function. This vulnerability can be exploited by local users with access to management functions, potentially leading to a denial of service (heap corruption) and possibly allowing them to gain privileges via unspecified vectors. The vulnerability is triggered when using a multithreaded toolstack and the xc cpumap alloc function fails.

Recommendations For Xen versions 4.1.x through 4.3.x, consider restricting access to management functions to minimize the risk of exploitation until a patch is available. As a temporary workaround, avoid using the xc cpupool getinfo function in multithreaded environments. At the moment, there is no information about a newer version that contains a fix for this vulnerability.